Summary

The Safend Data Protection Agent is affected by a privilege elevation vulnerability in the SDBAgent Windows service file.

CVE number: CVE-2012-4760

Impact: Medium

Vendor homepage: http://www.wave.com/products/safend-protector

Vendor notified: 11/09/2012

Vendor response (updated 4/12/2012): WRITE_DAC access: despite the fact that indeed the permission allows such change we enforce even more powerful protection on both SDPAgent.exe and SDBAgent.exe and prevent any attempt to modify (as part of all versions) or even rename such file (as part of latest version you did not test) so the vulnerability is not exploitable.

Affected Products

Safend Data (Client software) 3.4.5586.9772. Other versions may also be affected.

Details

The SDBAgent service file has the 'WRITE_DAC' permission set for all local users. WRITE_DAC allows a local user to rewrite the ACL and grant himself full control of the file, which could then be trojaned to gain full local admin privileges. The following is the output from the cacls command:
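Checking a service binary for the same condition, as an added example that is not part of the original advisory: the Python below parses an SDDL string such as the one `cacls <file> /S` prints and reports broad principals whose allow ACE includes WRITE_DAC. The function names and both sample SDDL strings are constructed for illustration and are not the actual ACL of the Safend files.

```python
import re

WRITE_DAC, GENERIC_ALL = 0x00040000, 0x10000000
# Access-mask values of the SDDL right codes relevant to a file DACL.
RIGHTS = {"GA": GENERIC_ALL, "GR": 0x80000000, "GW": 0x40000000,
          "GX": 0x20000000, "FA": 0x001F01FF, "FR": 0x00120089,
          "FW": 0x00120116, "FX": 0x001200A0, "SD": 0x00010000,
          "RC": 0x00020000, "WD": WRITE_DAC, "WO": 0x00080000}
# Well-known principals that cover every local user (SDDL alias and SID).
BROAD = {"WD": "Everyone", "S-1-1-0": "Everyone",
         "AU": "Authenticated Users", "S-1-5-11": "Authenticated Users",
         "IU": "INTERACTIVE", "S-1-5-4": "INTERACTIVE",
         "BU": "BUILTIN\\Users", "S-1-5-32-545": "BUILTIN\\Users"}
ACE = re.compile(r"\(([^()]*)\)")

def pairs(codes):
    """Split a run of two-letter SDDL codes, e.g. 'OICIIO' -> OI, CI, IO."""
    return [codes[i:i + 2] for i in range(0, len(codes), 2)]

def access_mask(rights):
    """Convert an ACE rights field (hex or two-letter codes) to a bit mask."""
    if rights.lower().startswith("0x"):
        return int(rights, 16)
    mask = 0
    for code in pairs(rights):
        mask |= RIGHTS.get(code, 0)
    return mask

def broad_write_dac(sddl):
    """List broad principals that an allow ACE permits to rewrite the DACL.
    Deny ACEs are not evaluated, so treat a hit as a lead to confirm."""
    hits = []
    for body in ACE.findall(sddl):
        fields = body.split(";")
        if len(fields) < 6:
            continue
        ace_type, flags, rights, sid = fields[0], fields[1], fields[2], fields[5]
        if ace_type != "A" or "IO" in pairs(flags):
            continue  # not an allow ACE, or inherit-only (not applied here)
        if sid in BROAD and access_mask(rights) & (WRITE_DAC | GENERIC_ALL):
            hits.append(BROAD[sid])
    return hits

# Constructed samples: read/execute plus WRITE_DAC for Users, then without it.
WEAK_SDDL = "D:(A;;FA;;;SY)(A;;FA;;;BA)(A;;0x1600a9;;;BU)"
FIXED_SDDL = "D:(A;;FA;;;SY)(A;;FA;;;BA)(A;;0x1200a9;;;BU)"

if __name__ == "__main__":
    print("weak :", broad_write_dac(WEAK_SDDL))
    print("fixed:", broad_write_dac(FIXED_SDDL))
```

In SDDL the code `WD` means WRITE_DAC in the rights field but Everyone in the account field, which is why the parser reads the two fields against separate tables.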